WLAN: Cheap, Cool and Dangerous
Another related option is a virtual LAN, which partitions the network and allows certain users to access only certain resources. That’s the solution at Paul, Hastings, Janofsky & Walker, an international law firm based in Los Angeles, where in a few new conference rooms visiting clients can use free wireless Internet access. When a visiting user boots up a laptop with a wireless network card, it identifies a WLAN connection and a message appears: "Welcome to Paul Hastings’ virtual network. Please click here for Internet access" (a modified version of the message coffee-slurpers get when they access the for-pay WLANs Starbucks has installed at many locations).
Theoretically, anyone nearby could get free Internet access, although CIO Mary Odson says the signal degrades noticeably near the windows, and even inside the building.
Encrypt data end-to-end with a VPN.
Within the next two years, Odson anticipates that her attorneys will also use WLANs regularly for accessing the network. In fact, she’s so sure of this that as Paul Hastings designs new offices, she’s spending less money on cabling. For transmitting sensitive legal documents and e-mail, she’ll use a combination of virtual private networks and encryption, treating each attorney as a virtual user even if he is in the office.
For that scenario, even an improvement on WEP wouldn’t work. WEP encrypts data between a wireless network card and the access point; a VPN encrypts data end-to-end. That kind of setup is already common in corporate America, especially for mobile employees. It isn’t a perfect option, of course. Not only are VPNs expensive and difficult to scale, but they also limit IT’s control over the data transmitted over the network, says Meta Group’s Kozup. But he adds that this is still the option most organizations are choosing for securing their WLANs.
Find a proprietary solution.
There are other proprietary wireless solutions for CIOs who aren’t content with these options. Major WLAN hardware vendors, including 3Com, Cisco and Enterasys Networks, are adding extra security capabilities into their products. Among them, Cisco’s LEAP (light extensible authentication protocol), which automatically changes the WEP keys in less time than it would take a hacker to decode them, has gotten the most attention. Other companies known as wireless LAN gateway vendors (Bluesocket and Vernier among them) sell centralized servers that perform authentication and encryption and handle additional management and security details.
The Army went the proprietary route. By the time you read this, it should have begun rolling out 11,000 access points that will connect 85,000 mobile Army users during the next four years. The Army’s project is unique, not only because it carries sensitive information about battlefield logistics but also because the access points aren’t permanently installed in an office. Instead, the access points are radios that travel along with troops. Each access point talks to a workgroup bridge that has computers cabled to it. The information on the WLAN is also encrypted using AirFortress devices from Fortress Technologies in Tampa, Fla.